mirror of
https://github.com/Microsoft/vscode
synced 2024-09-13 21:55:38 +00:00
152 lines
4.9 KiB
YAML
152 lines
4.9 KiB
YAML
parameters:
|
|
- name: NPM_REGISTRY
|
|
displayName: "Custom NPM Registry"
|
|
type: string
|
|
default: "https://pkgs.dev.azure.com/monacotools/Monaco/_packaging/vscode/npm/registry/"
|
|
- name: NPM_ARCH
|
|
type: string
|
|
default: x64
|
|
- name: VSCODE_ARCH
|
|
type: string
|
|
default: x64
|
|
|
|
steps:
|
|
- task: NodeTool@0
|
|
inputs:
|
|
versionSource: fromFile
|
|
versionFilePath: .nvmrc
|
|
nodejsMirror: https://github.com/joaomoreno/node-mirror/releases/download
|
|
|
|
- template: ./distro/download-distro.yml
|
|
|
|
- task: AzureKeyVault@1
|
|
displayName: "Azure Key Vault: Get Secrets"
|
|
inputs:
|
|
azureSubscription: "vscode-builds-subscription"
|
|
KeyVaultName: vscode-build-secrets
|
|
SecretsFilter: "github-distro-mixin-password"
|
|
|
|
- powershell: |
|
|
. build/azure-pipelines/win32/exec.ps1
|
|
$ErrorActionPreference = "Stop"
|
|
exec { npm config set registry "${{ parameters.NPM_REGISTRY }}" --location=project }
|
|
# npm >v7 deprecated the `always-auth` config option, refs npm/cli@72a7eeb
|
|
# following is a workaround for yarn to send authorization header
|
|
# for GET requests to the registry.
|
|
exec { Add-Content -Path .npmrc -Value "always-auth=true" }
|
|
exec { yarn config set registry "${{ parameters.NPM_REGISTRY }}" }
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne('${{ parameters.NPM_REGISTRY }}', 'none'))
|
|
displayName: Setup NPM & Yarn
|
|
|
|
- task: npmAuthenticate@0
|
|
inputs:
|
|
workingFile: .npmrc
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne('${{ parameters.NPM_REGISTRY }}', 'none'))
|
|
displayName: Setup NPM Authentication
|
|
|
|
- powershell: |
|
|
. build/azure-pipelines/win32/exec.ps1
|
|
$ErrorActionPreference = "Stop"
|
|
exec { node build/setup-npm-registry.js "${{ parameters.NPM_REGISTRY }}" }
|
|
condition: and(succeeded(), ne(variables.NODE_MODULES_RESTORED, 'true'), ne('${{ parameters.NPM_REGISTRY }}', 'none'))
|
|
displayName: Setup NPM Registry
|
|
|
|
- pwsh: |
|
|
$includes = @'
|
|
{
|
|
'target_defaults': {
|
|
'conditions': [
|
|
['OS=="win"', {
|
|
'msvs_configuration_attributes': {
|
|
'SpectreMitigation': 'Spectre'
|
|
},
|
|
'msvs_settings': {
|
|
'VCCLCompilerTool': {
|
|
'AdditionalOptions': [
|
|
'/Zi',
|
|
'/FS'
|
|
],
|
|
},
|
|
'VCLinkerTool': {
|
|
'AdditionalOptions': [
|
|
'/profile'
|
|
]
|
|
}
|
|
}
|
|
}]
|
|
]
|
|
}
|
|
}
|
|
'@
|
|
|
|
if (!(Test-Path "~/.gyp")) {
|
|
mkdir "~/.gyp"
|
|
}
|
|
echo $includes > "~/.gyp/include.gypi"
|
|
displayName: Create include.gypi
|
|
|
|
- powershell: |
|
|
. build/azure-pipelines/win32/exec.ps1
|
|
. build/azure-pipelines/win32/retry.ps1
|
|
$ErrorActionPreference = "Stop"
|
|
retry { exec { yarn --frozen-lockfile --check-files } }
|
|
env:
|
|
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
|
|
GITHUB_TOKEN: "$(github-distro-mixin-password)"
|
|
CHILD_CONCURRENCY: 1
|
|
displayName: Install dependencies
|
|
|
|
- script: node build/azure-pipelines/distro/mixin-npm
|
|
displayName: Mixin distro node modules
|
|
|
|
- script: node build/azure-pipelines/distro/mixin-quality
|
|
displayName: Mixin distro quality
|
|
env:
|
|
VSCODE_QUALITY: stable
|
|
|
|
- powershell: yarn compile
|
|
displayName: Compile
|
|
|
|
- powershell: yarn gulp "vscode-symbols-win32-${{ parameters.VSCODE_ARCH }}"
|
|
env:
|
|
GITHUB_TOKEN: "$(github-distro-mixin-password)"
|
|
displayName: Download Symbols
|
|
|
|
- task: BinSkim@4
|
|
inputs:
|
|
InputType: "Basic"
|
|
Function: "analyze"
|
|
TargetPattern: "guardianGlob"
|
|
AnalyzeIgnorePdbLoadError: true
|
|
AnalyzeTargetGlob: '$(agent.builddirectory)\scanbin\**.dll;$(agent.builddirectory)\scanbin\**.exe;$(agent.builddirectory)\scanbin\**.node'
|
|
AnalyzeLocalSymbolDirectories: '$(agent.builddirectory)\scanbin\VSCode-win32-${{ parameters.VSCODE_ARCH }}\pdb'
|
|
|
|
- task: CopyFiles@2
|
|
displayName: 'Collect Symbols for API Scan'
|
|
inputs:
|
|
SourceFolder: $(Agent.BuildDirectory)
|
|
Contents: 'scanbin\**\*.pdb'
|
|
TargetFolder: '$(agent.builddirectory)\symbols'
|
|
flattenFolders: true
|
|
condition: succeeded()
|
|
|
|
# - task: APIScan@2
|
|
# inputs:
|
|
# softwareFolder: $(agent.builddirectory)\scanbin
|
|
# softwareName: 'vscode-client'
|
|
# softwareVersionNum: '1'
|
|
# symbolsFolder: 'SRV*http://symweb;$(agent.builddirectory)\symbols'
|
|
# isLargeApp: false
|
|
# toolVersion: 'Latest'
|
|
# displayName: Run ApiScan
|
|
# condition: succeeded()
|
|
# env:
|
|
# AzureServicesAuthConnectionString: $(apiscan-connectionstring)
|
|
|
|
- task: PublishSecurityAnalysisLogs@3
|
|
inputs:
|
|
ArtifactName: CodeAnalysisLogs
|
|
ArtifactType: Container
|
|
PublishProcessedResults: false
|
|
AllTools: true
|